On 10/01/2025 08:33, Andrey Repin via Cygwin wrote:
Greetings, Kaz Kylheku!
Hi all,
I'm reading an article on attacks that are evidently possible against some
Windows programs in the area of command line parsing. See below.
Does the Cygwin run-time rely on GetCommandLineA to get the char-based command
line that is parsed into argv[]?
You can answer this question yourself. The code is open.
Specifically on https://cygwin.com/git/newlib-cygwin.git
/pub/Cygwin/git/newlib-cygwin
$ grep -rH GetCommandLineA .
./winsup/CVSChangeLogs.old/cygwin/ChangeLog-2013: (cygwin_GetCommandLineA): Ditto.
./winsup/cygwin/cygwin.din:GetCommandLineA@0 = cygwin_GetCommandLineA@0 NOSIGFE
./winsup/cygwin/include/cygwin/version.h: 268: Export GetCommandLineA, GetCommandLineW
./winsup/cygwin/kernel32.cc:/* Cygwin replacement for GetCommandLineA. Returns a concatenated string
./winsup/cygwin/kernel32.cc:cygwin_GetCommandLineA (void)
Regards
Marco